Sunday, November 13, 2011

How to Prevent Your Own Google Account Hijacking

On November 2, just as I was getting all set to return to the online world after an on-off (but mostly off) sabbatical, I discovered that someone had hacked into my email and spammed every one of my contacts, pretending to be me having been robbed at gunpoint, stranded in Spain and in desperate need of money and lessons in English grammar. But they didn't just "borrow" my email, these hackers. They hijacked my entire Google account. And by this, I mean these jackholes changed my password, of course. And then they removed my secondary (Yahoo) email, backup phone number and security question, all of which were security measures I put into place so that I could recover my account if I ever lost access to it. They also added their own email and backup phone number to my account. AND these jackholes also hacked my secondary email and then proceeded to spam everyone from my second account. And then they hacked my Facebook. Ouch.

Thankfully, they didn't change any of the password recovery info on the secondary Yahoo email, so we were able to recover this account right away--only to discover they'd deleted every single email and all of my contacts (presumably so I couldn't contact my friends to tell them about the scam). I did manage to recover my Facebook as well, but only because they didn't alter my security question. My primary email (gmail), however, was lost to me. As well as everything else linked to my Google account, including...this blog (and my Youtube, Google groups, Google+, all Google documents, and anything that required me to use my email info to log in). You can imagine what a damaging loss this is. Professionally, I was left exposed, turned into a quivering mass of vulnerability. Talk about demoralizing. I had no way to contact Google, no recourse for recovery except a stupid Google form I had to fill out to prove I was the owner of my Google account (which means having to remember the exact date I opened my Google account, who sent me my gmail invite, when I opened my blog and Google groups, etc.). I filled out this form three times before Google finally disabled my blog, pending an investigation.

Friday, I managed to recover my Google account finally. Clearly I'm not the hacker impersonating Carol--you can tell probably by my correct use of "demoralizing" and commas and the absence of begging for money (wait until tomorrow).

Okay, so, what's the deal, right? Why did they do this? Money, of course. After some research, I've discovered this is a really common scam/hackjob. And a very sophisticated one. Poor grammar aside, this email actually gave a number of my contacts pause, worried I was actually hurt and penniless in Spain. Intelligent people do fall for this because of their own big hearts (and end up providing their own info and money), which is why the jackholes keep doing it. Their programs/viruses work really fast in a really invasive way, and the scam emails are much better written and thought out now, urgent and designed to appeal to bleeding hearts.

Why did they attack me? Random probably. I did happen to have a $#!%load of contacts in both my emails, so mega score for the hackers. Chances are, though, I logged into a fake Google page which phished my password, and in a heartbeat, everything was gone.

What can you do to prevent your Google account from getting hacked? Or any email? So many of us have Google accounts which we use to access a load of programs. Get your Google (or Yahoo) account hijacked, and you're seriously SCREWED. But there are steps you can take to prevent this from happening.

1. Provide Password Recovery Info: That means a secondary email, backup phone number(s), and security questions and answers. Obviously, though, this isn't foolproof, as I did this. If they hack your password, they can change all of this. So...

2. In Google, you can also turn on 2-Step verification, which requires you to type in a verification code if you're accessing your Google account from anywhere other than your primary computer. This will require you to add a primary phone number and then a secondary backup phone number, to which the codes will be sent. Certain applications (such as iPhone, BlackBerry, or Android) will require a special application-specific password if you're trying to log in with one of those. It's not convenient, of course. But it is safer. If I'd had this turned on, even with my password, hackers would've had to have my cell phone in their hands to access my account. NOTE: you can turn off and on 2-Step verification as you please; and Google does provide you with Backup codes that you can save in case you ever need to provide a verification code and don't have access to your phone(s).

3. DO NOT USE THE SAME PASSWORD for every account, application, and program. I know, I know, who wants to remember a million passwords? So much more convenient to have a single password for everything. But whatever program these hackers used was sophisticated enough to find every account associated with my gmail account and attempt to hack in with the same password. Thus, I also lost my secondary email, my Facebook, and my blog, and every account/program linked to them. Now, I have a list of passwords written down and in a text file I keep on my desktop and on a removable hard drive. Those passwords are also a billion miles long with symbols, numbers, and letters. I merely copy and paste when I need them.

4. EVERY time you prepare to log into an account, just take a quick glance at the URL of the sign-in page. Make sure it looks right and that you haven't just been redirected to a fake URL which mimics the real one. If it has an @ symbol in the URL, be wary. Double check the spelling of words in the address, too (www.gimail.com versus www.gmail.com). Best way to ensure you get a legitimate web address is to type in the URL yourself.

5. You can further protect your Yahoo accounts by creating a special Sign-in Seal for every computer you own. Go to your Yahoo "Account Info" and there you will find a link to create a Sign-in Seal (customized badge) that will appear in the top right corner every time you go to your Yahoo sign-in page. Then if you don't see that badge, you may have landed on a fake sign-in page that could phish your password.

6. Don't be lazy or vain or naive. Don't assume that you're not at risk. Phishing/hacking/hijacking doesn't only happen to stupid people who do dumb stuff like click on obvious spam links and search porn. Anyone can become a victim. Phishing schemes are becoming more and more sophisticated the wiser and more tech savvy we become as online users.

7. You can learn more about phishing schemes and how to prevent this sort of thing by checking out this page from Outlook. It's worth it to stop by, guys, and take a few precautions. It doesn't take long, and can save you serious misery.

What do you do if your account gets hacked/hijacked? Besides break things and curse Google to no end and write majorly gory hacker death scenes?

1. Attempt to do a Password Reset immediately before your password recovery information is deleted. If you're too late, you will need to:

2. Fill out an Account Recovery Form (this is what it's called in Google. Yahoo has something similar, I think). The questions on this are tough. Just answer to the best of your ability, providing as much accurate information as you can remember. If you don't get a response right away, fill out another form. You'll need to be patient as this may be a long wait, but be persistent. Hound their arses. And make it clear that you believe the account has been compromised so that they disable the account while it's being investigated to prevent hackers from using it.

When you recover your account,

1. First, change your passwords and do everything I said that you need to do to prevent this from happening again.

2. Double check to make sure any secondary email accounts and phone numbers that have been added by the hacker for their own password recovery purposes are removed from your account settings. If not, remove them.

3. Also, go into your mail settings (under "Forwarding and POP/IMAP") and double check to make sure that your messages are not getting forwarded to a secondary email that you did not yourself add (this was the case for me!), and then under "Accounts and Import" make sure no third party email still has access to your account.

4. Prepare to work your butt off to recover everything you lost while your account was hijacked, including all your emails and your contacts, which will likely have been deleted.

*********************

Hope this doesn't happen to you. Sucks so hard, I can't even tell you.

Anyone else have any good tips on preventing any hacking/hijacking? Stories to share?

EDIT 4/10/12:

I think I finally discovered exactly how my gmail was hacked. I used to have both a Gmail account and a Yahoo account that used to be linked (each account was added to the other account to be used in the event I was unable to access one or the other account); and the accounts also used to have the same password. Occasionally, I would get (and continue to get) an email notification to my Gmail inbox that looks as if it is from Yahoo indicating that my Yahoo account information has been changed. But when I look closely, it is not my actual Yahoo account, but one perhaps similar with my name. There is always a link that I am supposed to click to investigate the changes. Clicking on the link directs me to a fake login page where I'm supposed to insert my Yahoo login information. My login information would then be phished and my Yahoo account immediately hacked. When I fell for this scam before, because my Gmail account also had the same password as my Yahoo account, the hackers were able to hack directly into my Gmail account using the same password, and then both of my accounts were compromised.

If you receive such an email indicating that your account information has been changed, do not click on the link. Rather open up a new window, insert the URL yourself and investigate the issue on your own. You will likely find that nothing has been changed.
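
Tip 4 and the 4/10/12 edit both come down to reading the address before typing a password. The sketch below is an added example, not part of the original post: it parses a link the way a browser does and flags an "@" in the address, a trusted name buried inside another host, and near-misspellings such as gimail.com. The `TRUSTED_HOSTS` list, the function names and the `.example` links are assumptions made for illustration.

```javascript
// Added example: pre-login URL check. TRUSTED_HOSTS is an assumed allowlist;
// replace it with the exact sign-in hosts you actually use.
const TRUSTED_HOSTS = [
  "accounts.google.com", "mail.google.com", "www.gmail.com", "gmail.com",
  "login.yahoo.com",
];

// Levenshtein distance: number of single-character edits between two strings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Parse the link the way a browser does and list what is wrong with it.
function checkSignInUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { host: null, verdict: "reject", reasons: ["not an absolute URL"] };
  }
  const reasons = [];
  const host = url.hostname; // lower-cased by the parser
  if (url.protocol !== "https:") reasons.push("not HTTPS");
  // Text before "@" is a user name, not the site: the real host follows it.
  if (url.username || url.password) {
    reasons.push(`"@" in address: the real host is ${host}`);
  }
  if (!TRUSTED_HOSTS.includes(host)) {
    // A trusted name followed by more labels belongs to someone else's domain.
    const embedded = TRUSTED_HOSTS.find((t) => host.includes(t + "."));
    const near = TRUSTED_HOSTS
      .map((t) => ({ t, d: editDistance(host, t) }))
      .sort((x, y) => x.d - y.d)[0];
    if (embedded) reasons.push(`${embedded} is embedded in another host`);
    else if (near.d <= 2) reasons.push(`possible misspelling of ${near.t}`);
    else reasons.push("host is not on the trusted list");
  }
  return { host, verdict: reasons.length ? "suspicious" : "ok", reasons };
}

// Constructed sample links (gimail.com is the misspelling from tip 4).
const SAMPLES = [
  "https://www.gmail.com/",
  "https://www.gimail.com/",
  "https://www.gmail.com@sign-in.example/",
  "https://accounts.google.com.verify.example/signin",
];
for (const s of SAMPLES) {
  const r = checkSignInUrl(s);
  console.log(`${r.verdict.padEnd(10)} ${s}  ${r.reasons.join("; ")}`);
}
```
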

Thanks for the tips, Carol. I'm so glad you were able to get everything sorted out, but I imagine this was a complete nightmare for you. I'm sure the information you've shared will help keep others from experiencing the same trouble... I know I'll follow your advice!

Oh, honey! I can only imagine. I'm just glad you recovered everything, well at least the blog and your email. I'm so sorry you had to go through this. A lesson for all of us. I know I'll look every time. *hugs*

I can't believe this happened to you following everything else this year. I did get that email but recognized it as spam and crossed my fingers that you weren't hit too hard. Now I'm so horrified to hear all that happened. A friend of mine had her website taken over by a militant middle eastern organization, but she was able to call the company who host her site and get it fixed. That's one of the downsides of Google--no phone support. Thanks for all those tips. It really is daunting.

I got that email from you. I've seen a couple of my friends get hacked, and it really stinks. I almost sent back an email asking if you were okay, but a quick check to your blog told me that you'd blogged the day before and couldn't be stuck in Spain... (And, if your laptop was stolen, how could you send out mass emails?) I'm so sorry to hear this. Sending good thoughts and hugs.

I got a notification that someone tried to log into my gmail from South America about a month ago... I changed my password immediately, but I didn't know about the 2 part verification thing. I'll have to do that right away!

I am SO glad you got your accounts back!! Also, I have to say: I'm impressed with how well you handled yourself. Seriously. I think I would have melted down. I'm sure it's a huge relief though, to have your google-account life back.

I definitely made sure to change all my passwords so no two accounts have the same one anymore. :) Thanks for all the tips, I hope EVERYONE pays attention!!

I haven't had something that extreme happen to me. I've had someone log into my yahoo and send out a spam message. The only reason I found out is because it was an old account and a lot of those contacts were at AOL so it was all sent back to me.

I've been using the same password for years, I hate changing them but I really need to.

Carolina! I did get an email from you saying how you were stranded in Spain etc but I immediately deleted it cos by then I'd read so much about such evil, evil scams! I think one of the saddest stories I read was about this poor woman - she ran a very small charity raising funds to help build schools in poorer nations and so the email about her being stranded abroad was sent to all those who donate to her charity and of course money was sent to these evil scammers - poor woman! :-(

THANK YOU for these amazing tips though - will definitely be extra extra vigilant. I'm so sorry you were targeted - I hope all is well now *shakes fists at these evil scammers!!*.

Thanks for that useful information, Carolina - I'm sorry it was such a hard lesson to learn for you. I flew over to Madrid with $1950 in my pocket, but you weren't there! Actually, in a vain effort to trace the jackholes, I engaged them with a bit of communication, pretending that I believed them, and they sent me a fake address in Madrid. I got back to them and said that I could not help until they sent a real address, and that's when they gave up. I know it was a long-shot but thought it worth a try. $1950 is a strange amount to ask for - why not a straight 2000?

So sorry you got hacked in such a major way. I recognized it as spam too and I'm sorry I didn't try to e-mail you, though I guess you wouldn't have gotten it. Sorry for the pain you had to go through to recover everything.

What a nightmare! I'm glad I don't use a gmail account. I now have so many online accounts, and yes, the password is different for all of them. The list is huge (3 pages long) but as you said, totally worth it.

Wow, it's freaky how people can do that! I had my iDevice and purse and identity stolen recently, so I know how it feels. (lol, hacker death scenes) Hope nothing like that happens again! Sounds like you've had quite a year!

Ugh! SO glad you got all your stuff back but sheesh what a monumental PITA! I had my e-mail account on Yahoo! hacked a few years ago and I thought that was a nightmare. Luckily it was "just" my e-mail that was compromised in that case but it did take forever to get it all sorted out. *hugs*

I knew when I got that email that you weren't in Spain, as I had just seen you in San Diego. I am so sorry this happened to you. It's such a nightmare. But at least you got an extremely informative post out of it! This is good wisdom here to follow.

I am so, so sorry this happened to you! And it's true my gut reaction when I received that email was, "Oh, no! Carol! What money can we scrape together?" Granted, I thought about it for a minute and realized it was probably a scam, but still. I can see how people get sucked into it. You're wonderful for sharing all these tips with us.

ugh. I'm so sorry that happened to you Carol. I just turned on the 2-step verify on Google, so hopefully that'll protect my stuff. I also revoked access to Twitter and FB. Bleah. That just sux. ((hugs)) <3

Thanks for all these great tips! I had one of my emails hacked a while back, and it wasn't nearly as bad as your experience but so annoying! I had to contact everyone and tell them not to click things. -__-

Anyway, I'm glad you were able to get control of your accounts again! Welcome back. :)

It just happened to me this morning :( Fortunately, I could recover my address and reset the password quickly but costing a big effort, as you described it, and all my mails and mail addresses were deleted though :(

And by the way, most of my contacts are writing, calling or contacting me due to this spam mail...so my cell phone is making noises all the time, which can be so annoying!!

Do you know if it is possible to get back all my addresses somehow or the mails?? Hope it will never happen again! Thank you for your advice!

Unfortunately, I was not able to recover my addresses or any of the emails on gmail. One of the first things hackers do is change the setting so that emails (sent or received) are not copied onto a server. It was a tough loss. Make sure you change this setting: Under "Settings" go to "Forwarding and POP/IMAP"; under "POP Downloads", on #2 "When Messages are accepted with POP" change the setting to "Archive Gmail's Copy." Under IMAP ACCESS, where it says "When a message is marked as deleted and expunged from the last visible IMAP folder," make sure "Archive the Message" is marked. Under "Forwarding," make sure there is not another email address listed that you yourself did not add. Finally, if you had a signature that was automatically added to every email, this was likely deleted as well. You can fix this if necessary under the "General" tab in Settings.

I was able to recover emails and addresses on my yahoo account after making a request to Yahoo services. It took a little while, though. If your Yahoo account was hacked, hopefully you can recover yours as well.
